Ransomware most profitable malware in use: Cisco
Organizations give bad guys too much time inside their systems.
Cisco presented a laundry list of failings organizations must overcome if they have any hope of defending themselves against the increasingly complex varieties of ransomware and other forms of malware being used by cybercriminals.
Cisco's 2016 Midyear Cybersecurity Report noted fragile infrastructures, poor network hygiene, and slow detection rates are the primary reasons corporations are falling victim to ransomware attacks. This has led, the report noted, to ransomware becoming the dominant and costliest malware ever and the research firm believes it will become even more dangerous in the coming months as new varieties come online.
“Cisco security researchers anticipate, based on trends and advances observed to date, that self-propagating ransomware is the next step for innovators in this space — and urge users to take steps now to prepare,” the report stated.
Some of the trends spotted during the study that have helped make this form of attack so dangerous were an increasing number of ransomware attacks exploiting server vulnerabilities, specifically JBoss servers. The report estimated that 10 percent of all web-connected JBoss servers have been compromised giving cybercriminals a huge attack surface to exploit.
Cisco also found the criminals are doing a better job of remaining anonymous during the ransomware process by using cryptocurrency, Transport Layer Security and Tor. This enables them to eliminate any direct, and therefor traceable, contact with their victim through email.
Making matters worse, the report uncovered that many organizations are doing a poor job keeping their software up to date with patches, which is one of the primary methods of fending off most types of attacks. The report stated that 20 percent of Google Chrome users were not operating the newest version, even though the browser has auto updates, and this situation gets even worse with regular software. Cisco noted that 33 percent of systems examined still ran Java SE 6 instead of the current Java SE 10, while only 10 percent of those running Microsoft Office 2013 version 15x have the latest service pack installed.
To help stem and eventually reverse this situation Cisco said companies have to stop giving malicious actor too much time running free inside their system, time that is used to not only take data, but to find more weak points to exploit. This can be accomplished by eliminating vulnerabilities through the simple expedient of applying needed patches.